On 32-bit platforms, an attacker can manipulate a ciphertext encrypted with AES-CBC with HMAC (the JWE A128CBC-HS256 family) such that they control how large the input buffer is when the HMAC authentication tag is computed (`cbcAEAD.computeAuthTag`, reached via `cbcAEAD.Open`/`Seal` and `JsonWebEncryption.Decrypt`). Because the length fed into the tag computation can be made to wrap on 32-bit integer arithmetic, a manipulated ciphertext may be verified as authentic even though it was not produced by the key holder. Once the integrity check can be bypassed, the receiver's CBC padding check on the forged ciphertext becomes observable, opening the door to padding oracle attacks against the encrypted payload. Only the 32-bit GOARCH targets listed below are affected; 64-bit builds are not reported as vulnerable, and applications running on the listed architectures should update to a fixed version rather than rely on the MAC-then-decrypt ordering to protect them.
{ "imports": [ { "path": "github.com/square/go-jose/cipher", "goarch": [ "386", "arm", "armbe", "amd64p32", "mips", "mipsle", "mips64p32", "mips64p32le", "ppc", "riscv", "s390", "sparc" ], "symbols": [ "cbcAEAD.Open", "cbcAEAD.Seal", "cbcAEAD.computeAuthTag" ] }, { "path": "github.com/square/go-jose", "goarch": [ "386", "arm", "armbe", "amd64p32", "mips", "mipsle", "mips64p32", "mips64p32le", "ppc", "riscv", "s390", "sparc" ], "symbols": [ "JsonWebEncryption.Decrypt", "genericEncrypter.Encrypt", "genericEncrypter.EncryptWithAuthData" ] } ] }